2. UNIT VI : 20M
Security and application
Deployment
3. 6.1 SMS Telephony :
Android allows sending and receiving SMS in
two ways.
1. By using the SmsManager class and its
methods.
2. By creating an intent.
It requires the following permissions to be declared in the manifest:
<uses-permission android:name="android.permission.SEND_SMS" />
<uses-permission android:name="android.permission.RECEIVE_SMS" />
4. Methods of SmsManager class are :
Method : ArrayList<String> divideMessage(String text)
Description : This method divides a message text into several fragments, none bigger than the maximum SMS message size.
Method : static SmsManager getDefault()
Description : This method is used to get the default instance of the SmsManager.
Method : void sendMultipartTextMessage(String destinationAddress, String scAddress, ArrayList<String> parts, ArrayList<PendingIntent> sentIntents, ArrayList<PendingIntent> deliveryIntents)
Description : Send a multi-part text based SMS.
Method : void sendTextMessage(String destinationAddress, String scAddress, String text, PendingIntent sentIntent, PendingIntent deliveryIntent)
Description : Send a text based SMS.
5. Sending SMS :
By SmsManager class :
We need to get an SmsManager object
and then call its send method as
SmsManager smsManager = SmsManager.getDefault();
smsManager.sendTextMessage("phoneNo", null, "sms message", null, null);
6. By intent :
Intent smsIntent = new Intent(Intent.ACTION_VIEW);
smsIntent.setData(Uri.parse("smsto:"));
// Note: setType() clears any data set by setData() above.
smsIntent.setType("vnd.android-dir/mms-sms");
smsIntent.putExtra("address", "01234"); // recipient number
smsIntent.putExtra("sms_body", "Text "); // message text
startActivity(smsIntent);
This uses the built-in SMS application
for sending the SMS.
7. Receiving SMS :
Create a broadcast receiver to receive SMS
messages using the onReceive() method of
the BroadcastReceiver class.
Add the
"android.provider.Telephony.SMS_RECEIVED"
intent filter between the <receiver>
tags in AndroidManifest.xml to register your
receiver for SMS messages.
Use getExtras() to get the message from the
intent:
8. Bundle bundle = intent.getExtras();
Retrieve the messages from the PDU (Protocol Data Unit) format as :
Object[] pdus = (Object[]) bundle.get("pdus");
String format = bundle.getString("format");
Use createFromPdu() to build each message from its PDU :
SmsMessage[] msgs = new SmsMessage[pdus.length];
String strmsg = "";
for (int i = 0; i < pdus.length; i++) {
msgs[i] = SmsMessage.createFromPdu((byte[]) pdus[i], format);
strmsg += msgs[i].getMessageBody();
}
In higher versions, mostly API 9 onwards, these are considered
dangerous permissions, so the app must request permission from
the user at runtime.
9. 6.2 Location based services :
Location Based Services are provided
by Android through its location
framework.
The framework provides a location API
which consists of certain classes and
interfaces.
These classes and interfaces are the
key components which allow us to
develop Location Based Applications in
Android.
10. Classes and Interfaces of
Location Based Services:
LocationManager – This class helps to
get access to the location service of the
system.
LocationListener – This interface acts as
the listener which receives notification
from the location manager when the
location changes or the location provider
is disabled or enabled.
Location – This is the class which
represents the geographic location
returned at a particular time.
11. The steps that need to be followed
to retrieve user location :
Step 1
An instance of the LocationManager needs to be
created as the first step in this process.
This is the main class through which the application
gets access to the location services in Android.
A reference to this system service can be obtained by
calling getSystemService() method.
LocationManager locationManager =
(LocationManager)getSystemService(Context.LOCATION_SERVICE);
Step 2
Next step is to identify the location provider you would
like to use for retrieving location details.
12. The location providers actually provide the
location data in Android. Android exposes two
main location providers:
1) GPS Location Provider:
This location provider provides location data with the highest
accuracy (~2 m – 20m). Location updates are provided through
satellites.
However, there are some drawbacks with this provider, which are
explained below:
It is significantly slower than the network provider to get the initial
connection setup with the satellites. This initial connection, also
called Time to First Fix (TTFF), can be extremely slow, but once
the connection is established, location updates are quite fast.
The GPS provider also drains the battery very fast. So, it is very
important to use this provider judiciously. Special care should be
taken to ensure that it is turned off when you are not using it.
The third drawback comes from the fact that GPS uses radio
signals, which are obstructed by solid objects. So, the GPS provider will
not work if you are inside a building or in a basement.
13. 2) Network Provider:
This provider uses Wi-Fi hotspots and cell towers to
approximate a location. The provider retrieves an
approximate location by querying the Google
location server using the IDs of the Wi-Fi hotspots
and cell towers. Location accuracy is between 100 –
1000 m. The location accuracy is directly
proportional to the number of Wi-Fi hotspots and cell
towers available in the area.
You can check the availability of the providers using
the below piece of code:
isGpsEnabled = mLocManager.isProviderEnabled(LocationManager.GPS_PROVIDER);
isNetworkEnabled = mLocManager.isProviderEnabled(LocationManager.NETWORK_PROVIDER);
14. Google Maps
The Google Maps Android API offers five types of
maps:
• Normal : Typical road map. Shows roads, some
features built by humans, and important natural
features such as rivers. Road and feature labels
are also visible.
• Hybrid : Satellite photograph data with road
maps added. Road and feature labels are also
visible.
• Satellite : Satellite photograph data. Road and
feature labels are not visible.
• Terrain : Topographic data. The map includes
colors, contour lines and labels, and perspective
shading. Some roads and labels are also visible.
• None : No tiles. The map is rendered as an
empty grid with no tiles loaded.
15. Creating Project, Creating maps API Key,
Displaying Map :
Steps to create API Key
1. Go to the Google Cloud console.
2. Sign in with a Google account.
3. Click on New Project.
4. Give the name of your project.
5. Select the name of your project as the current
project.
6. Go to the API and services tab. Select Credentials.
7. Click on the checkbox for API key and then click on
Create Credential.
8. Your API key is generated, which can be copied from
here and pasted in the app wherever necessary.
16. Steps to create Activity showing Google map for current location :
1. Create a new Android project.
2. Select Google Map Activity.
3. Give the name of the project here.
4. It will create two files as MapActivity.java and google_maps_api.xml
5. Once you have your key (it starts with "AIza"), replace the "google_maps_key"
string in this file as follows :
<string name="google_maps_key"
templateMergeStrategy="preserve" translatable="false">AIzaSyD0dpetpLcRjSLB0ZDChAgKyJus5ObgWEo</string>
Add the same key in AndroidManifest.xml as follows :
<meta-data android:name="com.google.android.geo.API_KEY"
android:value="AIzaSyD0dpetpLcRjSLB0ZDChAgKyJus5ObgWEo" />
Also permissions can be set as
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.INTERNET" />
17. Adding Markers :
Current Latitude and Longitude can be given
in onMapReady() of MapActivity.java as
follows :
public void onMapReady(GoogleMap googleMap)
{
mMap = googleMap;
LatLng loc = new LatLng(19.2183, 72.9781);
mMap.addMarker(new MarkerOptions().position(loc).title("Marker in Thane"));
mMap.moveCamera(CameraUpdateFactory.newLatLng(loc));
}
18. Google Maps Intents for
Android
Intents let you start an activity in another app by
describing a simple action you'd like to perform (such
as "display a map" or "show directions to the airport")
in an Intent object.
The Google Maps app for Android supports several
different intents, allowing you to launch the Google
Maps app and perform one of four actions:
1. Display a map at a specified location and zoom level.
2. Search for locations or places, and display them on a
map.
3. Request directions from one location to another.
Directions can be returned for three modes of
transportation: driving, walking, bicycling.
4. Display panorama imagery in Google Street View.
19. In order to launch Google Maps with an
intent you must first create an Intent object,
specifying its action, URI and package.
Action: All Google Maps intents are called
as a View action — ACTION_VIEW.
URI: Google Maps intents use URI
encoded strings that specify a desired
action, along with some data with which to
perform the action.
Package: Calling
setPackage("com.google.android.apps.maps")
will ensure that the Google Maps app for
Android handles the Intent.
20. A map can be displayed from
geo data by parsing it into a Uri object in
the following manner:
Uri IntentUri = Uri.parse("geo:37.7749,-122.4194");
Intent mapIntent = new Intent(Intent.ACTION_VIEW,
IntentUri);
mapIntent.setPackage("com.google.android.apps.maps");
startActivity(mapIntent);
21. Zoom control :
Use the geo: intent to display a map at a
specified location and zoom level.
Parameters latitude and longitude set the
center point of the map.
z optionally sets the initial zoom level of
the map. Accepted values range from 0
(the whole world) to 21 (individual
buildings). The upper limit can vary
depending on the map data available at
the selected location.
geo:latitude,longitude?z=zoom
22. Navigation to a specific
location :
When the query has a single result, you
can use the intent to display a pin at a
particular place or address, such as a
landmark, business, geographic feature, or
town.
geo:latitude,longitude?q=query
geo:0,0?q=my+street+address
geo:0,0?q=latitude,longitude
q defines the place(s) to highlight on the
map. The q parameter is required for all
Search requests. It accepts a location as
either a place name or address.
23. Geocoding :
Geocoding refers to transforming street
address or any address into latitude and
longitude.
Reverse Geocoding :
Reverse Geocoding refers to
transforming latitude and longitude into its
corresponding street address.
Android Geocoder class is used for
Geocoding as well as Reverse
Geocoding.
24. Navigating through Map (display
route)
Use this intent to launch Google Maps navigation with turn-by-
turn directions to the address or coordinate specified. Directions
are always given from the user's current location.
google.navigation:q=a+street+address
google.navigation:q=latitude,longitude
Parameters
q: Sets the end point for navigation searches. This value can be
latitude, longitude coordinates or a query formatted address. If it
is a query string that returns more than one result, the first result
will be selected.
mode sets the method of transportation. Mode is optional, and
can be set to one of:
d for driving (default)
b for bicycling
l for two-wheeler
w for walking
25. Uri IntentUri = Uri.parse("google.navigation:q=Location&mode=b");
Intent mapIntent = new Intent(Intent.ACTION_VIEW, IntentUri);
mapIntent.setPackage("com.google.android.apps.maps");
startActivity(mapIntent);
For example :
The below intent returns a route in India :
Uri IntentUri =
Uri.parse("google.navigation:q=Connaught+Place,+New+Delhi,Delhi&mode=l");
Intent mapIntent = new Intent(Intent.ACTION_VIEW, IntentUri);
mapIntent.setPackage("com.google.android.apps.maps");
startActivity(mapIntent);
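An added example (not from the original slides): a Python sketch that builds the geo: and google.navigation: URI strings described above, checks the zoom and mode values against the ranges given on these slides, and percent-encodes the query so that untrusted text cannot add its own parameters such as &mode=. The function names are hypothetical; in an Android app the same encoding would be done before the string is passed to Uri.parse().

```python
from urllib.parse import quote_plus

# Transport modes listed above: driving, bicycling, two-wheeler, walking.
MODES = {"d", "b", "l", "w"}


def _encode(text):
    # Spaces become '+', commas stay readable, and every other reserved
    # character ('&', '=', '?', '#') is percent-encoded.
    return quote_plus(text, safe=",")


def geo_uri(lat, lng, zoom=None, query=None):
    """Build geo:latitude,longitude?z=zoom&q=query."""
    if not (-90 <= lat <= 90 and -180 <= lng <= 180):
        raise ValueError("latitude/longitude out of range")
    params = []
    if zoom is not None:
        if not 0 <= zoom <= 21:
            raise ValueError("zoom must be between 0 and 21")
        params.append(f"z={zoom}")
    if query is not None:
        params.append("q=" + _encode(query))
    uri = f"geo:{lat},{lng}"
    return uri + "?" + "&".join(params) if params else uri


def navigation_uri(destination, mode="d"):
    """Build google.navigation:q=destination&mode=mode."""
    if mode not in MODES:
        raise ValueError("mode must be one of d, b, l, w")
    return f"google.navigation:q={_encode(destination)}&mode={mode}"


if __name__ == "__main__":
    print(geo_uri(37.7749, -122.4194))
    print(geo_uri(0, 0, query="my street address"))
    print(navigation_uri("Connaught Place, New Delhi,Delhi", "l"))
    # Constructed untrusted input that tries to override the mode.
    print(navigation_uri("Airport&mode=w", "d"))
```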
26. 6.3 Android security Model
Declaring and using permissions
Using custom permissions
27. Android security Model
The Android security model is primarily
based on a sandbox and permission
mechanism.
A sandbox is an isolated testing
environment that enables users to run
programs or execute files without affecting
the application, system, or platform on
which they run.
This isolates apps from each other and
protects apps and the system from
malicious apps.
28. Each application runs in its own Dalvik virtual machine
with a unique user ID assigned to it.
This means the application code runs in isolation from the code of
all other applications.
As a consequence, one application is not granted
access to other applications’ files.
An Android application is always signed with a certificate with a
private key.
The owner of the application is unique. This allows the author
of the application to be identified if needed.
When an application is installed on the phone, it is assigned a
user ID, which creates a sandbox for it and prevents it from
affecting other applications.
29. This user ID is permanent on the
device, and applications with the same
user ID are allowed to run in a single
process.
This is a way to ensure that a malicious
application cannot access or compromise
the data of a genuine application.
It is mandatory for an application to list all
the resources it will access during
installation.
Terms required for an application, in the
installation process should be user-based
30. Permissions :
The purpose of a permission is to protect
the privacy of an Android user.
Android apps must request permission to
access sensitive user data (such as
contacts and SMS), as well as certain
system features (such as camera and
internet).
Depending on the feature, the system
might grant the permission automatically
or might prompt the user to approve the
31. Permissions are divided into several protection levels
as:
Normal permissions: cover areas where your app
needs to access data or resources outside the app’s
sandbox, but where there’s very little risk to the user’s
privacy or the operation of other apps. For example,
permission to set the time zone is a normal permission.
Signature permissions: The system grants these app
permissions at install time, but only when the app that
attempts to use permission is signed by the same
certificate as the app that defines the permission.
Dangerous permissions cover areas where the app
wants data or resources that involve the user’s private
information, or could potentially affect the user’s stored
data or the operation of other apps. For example, the
ability to read the user’s contacts is a dangerous
permission.
32. Permissions can be predefined in Android, or we
can define custom permissions for our app.
For example : INTERNET is a default permission.
To keep data more secure, we can
design our own permission set by customizing them.
For example :
In order to add a layer of security, we can define
a custom permission so that only applications that hold it
are allowed to perform that action.
<permission
android:name="com.companyX.permission.custom"
android:description="@string/custom_permission_description"
android:label="@string/custom_permission_label"
android:protectionLevel="signature"/>
It can be added in AndroidManifest.xml as :
<uses-permission
android:name="com.companyX.permission.custom"/>
33. Android threats:
Some security vulnerabilities on
Android:
Leaking Information to Logs
SD card Use
Unprotected Broadcast Receivers
Intent Injection Attacks
Wi-Fi Sniffing
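An added example (not from the original slides): a small Python check over a decoded, text-form AndroidManifest.xml that reports the dangerous permissions requested, custom permissions that are not signature-level, and exported receivers with no android:permission, which is the "Unprotected Broadcast Receivers" item above. The sample manifest is constructed; its package, receiver class and LOOSE permission names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Small subset of dangerous permissions, enough for this example.
DANGEROUS = {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.ACCESS_FINE_LOCATION",
             "android.permission.READ_CONTACTS"}

# Constructed sample manifest; package, class and LOOSE names are hypothetical.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.smsdemo">
  <uses-permission android:name="android.permission.RECEIVE_SMS" />
  <uses-permission android:name="android.permission.INTERNET" />
  <permission android:name="com.companyX.permission.custom"
      android:protectionLevel="signature" />
  <permission android:name="com.example.permission.LOOSE" />
  <application>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED" />
      </intent-filter>
    </receiver>
    <receiver android:name=".GuardedReceiver" android:exported="true"
        android:permission="com.companyX.permission.custom" />
    <receiver android:name=".InternalReceiver" android:exported="false" />
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return a sorted list of (finding, name) tuples for one manifest."""
    root = ET.fromstring(xml_text)
    findings = []

    for node in root.iter("uses-permission"):
        name = node.get(ANDROID + "name", "")
        if name in DANGEROUS:
            findings.append(("dangerous-permission", name))

    for node in root.iter("permission"):
        # A <permission> without protectionLevel defaults to "normal",
        # which any installed app can obtain.
        level = node.get(ANDROID + "protectionLevel", "normal")
        if not level.startswith("signature"):
            findings.append(("weak-custom-permission",
                             node.get(ANDROID + "name", "")))

    for node in root.iter("receiver"):
        exported = node.get(ANDROID + "exported")
        has_filter = node.find("intent-filter") is not None
        # With no explicit flag, an intent filter implied exported="true"
        # on older platform versions, so treat that case as reachable.
        reachable = exported == "true" or (exported is None and has_filter)
        if reachable and not node.get(ANDROID + "permission"):
            findings.append(("unprotected-receiver",
                             node.get(ANDROID + "name", "")))

    return sorted(findings)


if __name__ == "__main__":
    for finding, name in audit_manifest(SAMPLE):
        print(f"{finding}: {name}")
```

For the SMS receiver, adding android:permission="android.permission.BROADCAST_SMS" to the <receiver> tag restricts senders to the system and clears the finding.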
35. Google Play is arguably one of the
largest platforms for distributing,
promoting, and selling Android apps.
Like any other app store, the Google
play platform comes with its own set of
rules, regulations, and procedures.
You need to understand how it works
in order to avoid any future issues.
36. Step 1: Create a Developer
Account
Before you can publish any app on
Google Play, you need to create a
Developer Account.
You can easily sign up for one using
your existing Google Account on
Google play console.
38. The sign up process is fairly straightforward,
and you’ll need to pay a one-time registration
fee of $25. After you’ve reviewed and
accepted the Developer Distribution
Agreement, you can proceed to make the
payment using your credit or debit card.
To finish the sign up process, fill out all your
necessary account details, including your
Developer Name, which will be visible to your
customers on Google Play. You can always
add more details later.
Also, do remember that it can take up to 48
hours for your registration to be fully
processed.
39. Step 2: Plan to Sell? Link Your
Merchant Account
If you want to publish a paid app or
plan to sell in-app purchases, you
need to create a payments center
profile, i.e. a merchant account.
Or otherwise you can give it for free
40. Step 3: Create an App
Navigate to the ‘All applications’ tab in the
menu
Click on ‘Create Application’
Select your app’s default language from the
drop-down menu
Type in a title for your app.
Click on “Create”.
The title of your app will show on Google
Play after you’ve published. You can always
change the name later.
After you’ve created your app, you’ll be taken
to the store entry page. Here, you will need to
fill out all the details for your app’s store
listing.
41. Step 4: Prepare Store Listing
Before you can publish your app, you
need to prepare its store listing. These are
all the details that will show up to
customers on your app’s listing on Google
Play.
You don’t necessarily have to complete
this step before moving on to the next one.
You can always save a draft and revisit it
later when you’re ready to publish.
42. The information required for your store
listing is divided into several categories:
Product Details
Your app’s title and description should be written with a great user experience in mind.
Use the right keywords, but don’t overdo it. Make sure your app doesn’t come across
as spam-y or promotional, or it will risk getting suspended on the Play Store.
43. Graphic Assets
Under graphic assets, you can add screenshots,
images, videos, promotional graphics, and icons
that showcase your app’s features and
functionality.
There are specific requirements for each graphic asset that you upload, such
as the file format and dimensions.
44. Languages & Translations
You can also add translations of your app’s
information in the store listing details, along with
in-language screenshots and other localized
images.
45. Categorization
This part requires you to select the appropriate type and
category your app belongs to. From the drop-down
menu, you can pick either app or game for the
application type.
There are various categories for each type of app available on the Play Store.
Pick the one your app fits into best.
46. Contact Details
This part requires you to enter contact
details to offer your customers access
to support regarding your app.
You can add multiple contact channels
here, like an email, website, and
phone number, but providing a contact
email is mandatory for publishing an
app.
47. Privacy Policy
For apps that request access to sensitive
user data or permissions, you need to
enter a comprehensive privacy policy that
effectively discloses how your app
collects, uses, and shares that data.
You must add a URL linking to your
privacy policy in your store listing and
within your app. Make sure the link is
active and relevant to your app.
48. Step 5: Upload APK to an App
Release
The Android Package Kit (or APK, for short) is the file format
used by the Android operating system to distribute and install
apps. Simply put, your APK file contains all the elements needed
for your app to actually work on a device.
To create a release, select the app you created in Step 3. Then,
from the menu on the left side, navigate to ‘Release management’
-> ‘App releases.’
You need to select the type of release you want to upload your
first app version to. You can choose between an internal test, a
closed test, an open test, and a production release.
49. The first three releases allow you to test out
your app among a select group of users
before you make it go live for everyone to
access.
This is a safer option because you can
analyze the test results and optimize or fix
your app accordingly if you need to before
rolling it out to all users.
If you create a production release, your
uploaded app version will become accessible
to everyone in the countries you choose to
distribute it in.
Once you’ve picked an option, click on
‘Create release.’
51. Step 6:
Set Up Pricing & Distribution
Before you can fill out the details
required in this step, you need to
determine your app’s monetization
strategy.
Once you know how your app is going
to make money, you can go ahead
and set up your app as free or paid.
53. Step 7:
Rollout Release to Publish Your App
The final step involves reviewing and rolling out your release after
making sure you’ve taken care of everything else.
Before you review and rollout your release, make sure the store
listing, content rating, and pricing and distribution sections of your
app each have a green check mark next to them.
Once you’re sure you’ve filled out those details, select your app and
navigate to ‘Release management’ — ‘App releases.’ Press ‘Edit
release’ next to your desired release, and review it.
Next, click on ‘Review’ to be taken to the ‘Review and rollout
release’ screen. Here, you can see if there are any issues or warnings
you might have missed out on.
Finally, select ‘Confirm rollout.’ This will also publish your app to
all users in your target countries on Google Play.
54. Developer Console
Developer console allows app developers and
marketers to better understand how their apps
are performing in terms of growth, technical
performance such as crashes or display issues,
and financials. The console offers acquisition
reports and detailed analysis which can help app
developers / marketers find out how well an app
is really performing.